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1. Introductions and apologies 
Apologies were received from Jonathan Bamford, Heather Dove and 


Helen Ward. 


2. Matters arising from the previous meeting 


Minutes 


There were no matters arising from the previous minutes. 


Action Board 


e Steve Eckersley had not been able to complete his action but 
confirmed that he will email his guidance for the reward and 
recognition scheme to the Group before the next steering 
group meeting. 

e All other actions from the previous minutes were cleared 


4, Finance Report 


Discussion 

Paul Arnold ran through the reports in Heather Dove’s absence, 
highlighting that two months into the financial year there were no 
material areas of concern. 


Close control of budgets would be essential this year from with 
more projects and work streams competing for funding than usual. 
A quarter 1 review would take place at the next Steering Group to 
confirm any immediate adjustments to budgets. 


Bank Signatures 

Discussion 

The group reviewed a proposal submitted by Heather Dove on 
changes to the bank signatory process. It placed greater onus on 
the segregation of duties within the Finance Team and less 
emphasis on involvement of senior managers. 


Decision 
The proposal was approved. 


5. Information Governance 


Quarterly Update Report 

Discussion 

David Wells presented the report on Information Governance, 
focusing on the risks arising from the recent changes within the 
organisation. 


Moving away from PSN 

Discussion 

The group discussed the relative reduction in assurance available 
through the GSI email domain as organisations leave the PSN. It 
was highlighted that ICO staff should no longer assume that a GSI 
email address means the recipient is able to receive official sensitive 
email materials without further assurance being sought. 


Decision 

It was agreed to send a communication to staff giving guidance 
around the removal of GSI email signatures and the sending of 
official sensitive information via email. 


Actions 
Dave Wells to circulate guidance to staff on the use of GSI emails 
by 20 July. 


Governance and Security - EDRM 

Discussion 

The paper was submitted to the DCEO Steering Group for 
information and is due to be signed off within the project group 
subject to any points raised by the Steering Group. 


Paul Arnold highlighted that the function allowing the ICO to check 
if someone has viewed a document without editing it will no longer 
be available following our migration to Sharepoint. This was a rarely 
used feature of the current systems and not typically required for 
information held at official level. 


Decision 

The group agreed that any risk arising from not being able to 
identify who had viewed documents within the EDRM could be 
tolerated. 


ICO Retention 
Discussion 
The ICO retention schedule has recently been reviewed. The 
following retention periods are being proposed: - 
e Formal regulatory work: 6 year retention period 
e Informal regulatory work: 3 year retention period 


Decision 
The group agreed the 3 & 6 year retention periods. 


Instant Messenger (IM) Retention 

Discussion 

The paper proposes a 30 day retention period for the new instant 
messenger feature in the new Unified Communications system. 
Paul Arnold recommended that a shorter retention period was 
desirable as there should be no business need to hold IM 
discussions given that they are not intended to be used for matters 
of substance or to record corporate decisions. 


Decision 

The group agreed a seven day retention period for both data held 
locally in staff Outlook/Exchange accounts and for data held at 
server level. 


National Archive Transfer 

Discussion 

The ICO transfer documents every year to The National Archives 
(TNA). The proposal is that case files will be sent as “closed” as 
they predominately hold personal data. Should any information 


requests be made to TNA these would be reviewed on a case by 
case basis. This will avoid having to redact information in every file. 


The group also discussed the approach to the personal data relating 
to ICO staff members; ie that someone was an employee of the ICO 
and the type they did. 


Decision 
The group agreed that sending the case files as “closed” was a 
reasonable approach. 


The group agreed that it was also reasonable to disclose routine 
information of ICO staff working here. 


6. Any other business 


Overtime: 

Discussion 

The group discussed the increase of out of hours work taking place 
and whether it is possible to claim overtime. 


Decision 

It was agreed that legitimate pre-authorised overtime work can be 
claimed and should be paid for from the overtime budget within 
each department. It was confirmed that this did not require any 
change to policy and any member of staff working outside their 
contracted hours is entitled to receive overtime payments in line 
with our overtime policy. It is however important that any overtime 
claimed is approved by managers and can be afforded from within 
agreed overtime budgets. 


Actions 

Heads of Department wishing to pay overtime should check whether 
they have an overtime budget and if not, speak to Finance to 
establish what, if any, overtime budget may be available. 


Secondments 

Discussion 

Paul Arnold presented a proposal for a proactive and continuous 
programme of inbound secondments to the ICO. He was seeking 
views form the Steering Group prior to a proposal being developed 
for discussion and decision by Senior Leadership Team. 


Decision 
The group agreed to the proposal in principle. 


